Hi,

Recently, i need to generate a self-signed certificate key by openssl.
After a long time research i found that there are two way to generate it.

1. openssl x509 -req -days 3650 -in server.CSR -signkey server.key -out server.crt
2. openssl x509 -req -days 3650 -in server.CSR -CA CA.crt -CAkey server.key -set_serial 01 -out server1.crt

And i found that the CSR request public key is 2048 bit, but in first way, the server.crt size is 4096 bit and in second way, the server1.crt is 2048 bit size.

[root@localhost]# openssl req -in server.CSR -noout -text
…..
RSA Public Key: (2048 bit)
Modulus (2048 bit):
…..
[root@localhost]#openssl x509 -noout -text -in server.crt
…..
RSA Public Key: (4096 bit)
Modulus (4096 bit):
…..
[root@localhost]# openssl x509 -noout -text -in server1.crt
……
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
……


I just want to know what the different between these two ways and why the length of crt is different.

BR

Greetingz!

As those are all (typically) plain-text files, it should be easy to just open them up and take a look at why there different
IIRC, it has to do with the encoding style. Your second method incorporates the CA certificate.
NOTE: I wouldn't recommend posting anything here that has "RSA PRIVATE KEY" in it, you're supposed to make sure those are never given out.